The CoreDNS application allows configuring the caching of DNS responses via the
cache plugin. It was discovered that CoreDNS only verifies the transaction IDs but fails
to check whether the domain in a request matches the response. This can be abused to
inject malicious A records in the cache of the DNS server.
As the CoreDNS application has a different cache for each domain
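
The missing check described above, as an added example (not CoreDNS's code and not taken from the Cure53 report): a response is accepted for caching only if its question section matches the request, not just the transaction ID. The function names and sample messages are constructed for illustration, and only single-question messages without name compression in the question are handled.

```go
package main

import "fmt"

// questionKey returns the header ID plus the question section (name lowercased,
// then QTYPE and QCLASS) of a wire-format DNS message. Hypothetical helper.
func questionKey(msg []byte) (string, bool) {
	if len(msg) < 12 || msg[4] != 0 || msg[5] != 1 {
		return "", false // need a full header and QDCOUNT == 1
	}
	off := 12
	for off < len(msg) && msg[off] != 0 {
		if msg[off] > 63 {
			return "", false // compression pointers do not belong in a question name
		}
		off += 1 + int(msg[off])
	}
	if off+5 > len(msg) {
		return "", false // truncated name, type or class
	}
	key := append([]byte{msg[0], msg[1]}, msg[12:off+5]...)
	for i := 2; i < len(key)-5; i++ { // name bytes only, not type/class
		if key[i] >= 'A' && key[i] <= 'Z' {
			key[i] += 'a' - 'A' // DNS names compare case-insensitively
		}
	}
	return string(key), true
}

// cacheable reports whether resp answers req: QR bit set, same ID, name, type and class.
func cacheable(req, resp []byte) bool {
	q, ok1 := questionKey(req)
	r, ok2 := questionKey(resp)
	return ok1 && ok2 && resp[2]&0x80 != 0 && q == r
}

// message builds a constructed sample with one A/IN question; flags 0x8000 marks a response.
func message(id, flags uint16, labels ...string) []byte {
	m := []byte{byte(id >> 8), byte(id), byte(flags >> 8), byte(flags), 0, 1, 0, 0, 0, 0, 0, 0}
	for _, l := range labels {
		m = append(append(m, byte(len(l))), l...)
	}
	return append(m, 0, 0, 1, 0, 1) // root label, QTYPE=A, QCLASS=IN
}

func main() {
	req := message(0x1a2b, 0, "www", "example", "org")
	fmt.Println(cacheable(req, message(0x1a2b, 0x8000, "WWW", "example", "org"))) // same question
	fmt.Println(cacheable(req, message(0x1a2b, 0x8000, "www", "example", "net"))) // ID matches, name does not
}
```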

The CoreDNS software tested by Cure53 during this March 2018 assessment has made
a clearly positive impression.

To conclude, even though four issues were found during this Cure53 assessment, they
were generally - with a single exception - minor, miscellaneous and manageable.
Despite Cure53 testers’ considerable efforts, the software was found to be hard to
corrupt. Therefore, the CoreDNS project stands out as secure, robust and legitimately
security-aware.

The full report can be found here. As for future improvements in
CoreDNS: we will increase the use of fuzzing, increase test coverage and look closer at DNS DoS
mitigations, such as DNS Cookies (described in RFC 7873).